Last month, VMware held a launch event for Cloud-Native Applications and announced two open source projects in support of this initiative. Project Photon and Project Lightwave are infrastructure components focused on running and securing apps that leverage Linux containers.
Project Lightwave source code was just released on GitHub, but binary RPMs are also available and quite easy to install on a Photon instance if you would like to take it for a spin. In this post you will see how to add the Lightwave repositories to Photon and perform the initial configuration for a server and client.
You will need to create two Photon VMs. There are several options, ranging from VMware Fusion with Vagrant to vSphere to public clouds. Ensure that each VM has a unique name. If necessary, the hostname of a Photon instance can be changed by editing these files:
Update the hostname value stored in /etc/hostname by running:
hostnamectl set-hostname <new name>
Verify by using the ‘hostnamectl’ command after rebooting.
Configure RPM Repositories
Lightwave binary RPMs are available for download. Use the following procedure to enable the repositories on both the server and client Photon instances. Log in as root or use sudo -i before executing the commands below.
First, disable the Photon ISO repo if it is not connected, to prevent errors during subsequent procedures:
cd /etc/yum.repos.d && sed -i 's/enabled=1/enabled=0/' photon-iso.repo
Note that you will need to edit some files. This can be done using the ‘nano’ text editor, which is installed by default, or by adding the ‘vim’ package with the following command:
tdnf install vim
Paste the following script into the terminal window to create two new RPM repositories on Photon:
cd /etc/yum.repos.d
cat - <<HERE > lightwave.repo
[lightwave]
name=VMware Lightwave 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/lightwave
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
HERE
cat - <<HERE > photon-extras.repo
[photon-extras]
name=VMware Photon Extras 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_extras
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
HERE
Run the following command to verify four repositories are enabled:
# tdnf repolist
repo id           repo name                                 status
photon-updates    VMware Photon Linux 1.0(x86_64)Updates    enabled
lightwave         VMware Lightwave 1.0(x86_64)              enabled
photon-extras     VMware Photon Extras 1.0(x86_64)          enabled
photon            VMware Photon Linux 1.0(x86_64)           enabled
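Both repository definitions above set gpgcheck=0, so packages from them are installed without RPM signature verification. As an added example (not part of the original post), the script below lists every enabled repository in a repo directory whose signature checking is disabled or unset; the function names and the sample repo files it writes are constructed for illustration, and an unset gpgcheck is reported because it then depends on the package manager's global setting.

```shell
#!/bin/sh
# Added example (not from the original post): report enabled repositories
# in a yum/tdnf repo directory that install packages without signature checks.

# audit_repos DIR -> one "file:repo-id:reason" line per finding
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            function report() {
                if (id == "" || enabled ~ /^(0|false|no)$/) return
                if (gpgcheck == "") print file ":" id ":gpgcheck unset"
                else if (gpgcheck !~ /^(1|true|yes)$/) print file ":" id ":gpgcheck=" gpgcheck
            }
            /^[ \t]*[#;]/ { next }                   # skip comment lines
            /^[ \t]*\[.*\][ \t]*$/ {                 # a new [repo-id] section
                report()
                id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
                enabled = "1"; gpgcheck = ""         # per-section starting state
                next
            }
            {
                eq = index($0, "="); if (eq == 0) next
                key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
                gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "enabled")  enabled = val
                if (key == "gpgcheck") gpgcheck = val
            }
            END { report() }
        ' "$f"
    done
}

# write_sample_repos DIR -> constructed sample input modelled on this page
write_sample_repos() {
    printf '[lightwave]\ngpgcheck=0\nenabled=1\n' > "$1/lightwave.repo"
    printf '[photon-extras]\nenabled=1\n' > "$1/photon-extras.repo"
    printf '[photon-iso]\ngpgcheck=0\nenabled=0\n' > "$1/photon-iso.repo"
    printf '[photon]\ngpgcheck=1\nenabled=1\n' > "$1/photon.repo"
}

# Stand-alone run: audit the directory given as $1, else the constructed sample.
if [ -n "${1:-}" ]; then audit_repos "$1"; else
    tmp=$(mktemp -d); write_sample_repos "$tmp"; audit_repos "$tmp"; rm -rf "$tmp"
fi
```

Run it as `sh audit.sh /etc/yum.repos.d` on the Photon instance (the script file name is arbitrary); an empty result means every enabled repository explicitly turns signature checking on.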
Install Lightwave Server Components
There are several dependencies needed for Lightwave but the tdnf package manager will take care of installation. The vmware-lightwave-server package is actually a meta-RPM that pulls everything down with a single command. Packages can also be installed individually if something interferes with the simplified process.
root [ /etc/yum.repos.d ]# tdnf install vmware-lightwave-server
Installing:
e2fsprogs-devel x86_64 1.42.9-1
haveged x86_64 1.9.1-1.0
vmware-ca-client x86_64 6.0.0-0
boost x86_64 1.56.0-1
krb5 x86_64 1.12.2-1
openldap x86_64 2.4.40-1
cyrus-sasl x86_64 2.1.26-1
vmware-directory-client x86_64 6.0.0-0
vmware-afd-client x86_64 6.0.0-0
likewise-open x86_64 6.2.0-0
vmware-ic-config x86_64 1.0.0-0
vmware-directory x86_64 6.0.0-0
vmware-ca x86_64 6.0.0-0
vmware-afd x86_64 6.0.0-0
vmware-lightwave-server x86_64 6.0.0-0
The next step is to promote this first server to become a domain controller:
root [ /etc/yum.repos.d ]# /opt/vmware/bin/ic-promote --domain lightwave.local --password VMware1!
20150519200020:INFO:Setting up system as Infrastructure standalone node
20150519200020:INFO:Starting service [dcerpc]
20150519200020:INFO:Starting service [vmafd]
20150519200021:INFO:Starting service [vmdir]
20150519200024:INFO:Starting service [vmca]
20150519200025:INFO:Setting various configuration values
20150519200025:INFO:Promoting directory service to be domain controller
20150519200025:INFO:Setting up the logical deployment unit
20150519200025:INFO:Setting up VMware Certificate Authority
20150519200025:INFO:Adding VMCA's root certificate to VMware endpoint certificate store
20150519200025:INFO:Generating Machine SSL cert
20150519200025:INFO:Setting Machine SSL certificate
20150519200025:INFO:Publishing Machine SSL certificate for directory service
20150519200025:INFO:Restarting service [vmdir]
Domain Controller setup was successful
Ensure the process is successful as shown above.
Install Lightwave Client Components and Join Domain
The client components are also covered by a single meta-RPM called vmware-lightwave-clients. Jump over to the client Photon instance and execute the following command:
root [ /etc/yum.repos.d ]# tdnf install vmware-lightwave-clients
Installing:
e2fsprogs-devel x86_64 1.42.9-1
haveged x86_64 1.9.1-1.0
boost x86_64 1.56.0-1
krb5 x86_64 1.12.2-1
openldap x86_64 2.4.40-1
cyrus-sasl x86_64 2.1.26-1
vmware-afd-client x86_64 6.0.0-0
likewise-open x86_64 6.2.0-0
vmware-ic-config x86_64 1.0.0-0
vmware-directory-client x86_64 6.0.0-0
vmware-ca-client x86_64 6.0.0-0
vmware-afd x86_64 6.0.0-0
vmware-lightwave-clients x86_64 6.0.0-0
After installing the packages, one last step is needed to join the domain created in the previous step:
# /opt/vmware/bin/ic-join --domain-controller 192.168.237.198 --domain lightwave.local
Password (email@example.com):
20150519201521:INFO:Setting up system as client to Infrastructure node at [192.168.237.198]
20150519201521:INFO:Validating credentials to partner [192.168.237.198] at domain [lightwave.local]
20150519201521:INFO:Starting service [dcerpc]
20150519201521:INFO:Starting service [vmafd]
20150519201521:INFO:Setting various configuration values
20150519201521:INFO:Joining system to directory service at [192.168.237.198]
20150519201521:INFO:Get root certificate from VMware Certificate Authority
20150519201521:INFO:Adding VMCA's root certificate to VMware endpoint certificate store
20150519201521:INFO:Generating Machine SSL cert
20150519201521:INFO:Setting Machine SSL certificate
Domain Join was successful
It’s easy enough to stand up a prototype Lightwave domain, but there are many more capabilities beyond this simple deployment, such as adding more servers to the domain in order to enable multi-master replication.
Up next we will walk through enabling SSH authentication to log into the client using domain credentials. Stay tuned.